Forum Discussion
8 Replies
Hi satyr,
Cloudflare has another header you could use, see the article for True-Client-IP header:
Understanding the True-Client-IP Header
Enable this header and try to update your iRule like this:
when HTTP_REQUEST { HTTP::header insert X-Forwarded-For [HTTP::header value "True-Client-IP"] }
Let us know if this has solved your issue.
KR
Daniel
Does your application traffic flow is like given below ? -
Client --> CloudFlare --> F5 vServer --> Backend servers
If yes, then xff settings enabled under http profile mapped on the vServer is adding CF IP in the header. The original client IP in the header is added by CF itself. In this case, disabling xff settings under F5 http profile should help you. But this change/setting will be applicable for all the application urls which are on that vServer.
- satyrNimbostratus
Hello Mayur
Thanks for read my question.
In this moment the traffic flow is: Cloudflare-->F5 Virtual Server-->Backen Servers
- satyrNimbostratus
Hello Daniel
In this moment the traffic flow is: Cloudflare-->F5 Virtual Server--> Backend Servers
In the backend servers (httpd.conf archive), I have the following line to capture the remote ip address
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" common
SetEnvIf X-Forwarded-For "^.\..\..\.." forwarded
Hallo Satyr,
you should add a log statement to the iRule or do a tcpdump in order to monitor whether the True-Client-IP Header contains two IP addresses or if the second IP is added by something else to the XFF header.
KR
Daniel